Tool Detects "In-Flight" Webpage Alterations 197
TheWoozle writes "In a follow-up to a recent story about ISPs inserting ads into web pages, the University of Washington security and privacy research group has teamed with the International Computer Science Institute (ICSI) to develop an online tool to help you identify if your ISP is inserting ads or otherwise modifying the web pages you request."
Should just block all ads, but... (Score:4, Interesting)
The hash gets calculated once for static content, which is usually the bulk of the traffic, no? So
not too big of a hit.
Browser sees content. Browser sees hash. Browser compares the two...
--
Censored [blogspot.com] by [blogspot.com] Technorati [blogspot.com] and now, Blogger too! [blogspot.com]
Oh lord the confusion (Score:4, Interesting)
Re:Frames (Score:2, Interesting)
Re:What ISPs do this? (Score:2, Interesting)
Re:Frames (Score:2, Interesting)
Old stuff. (Score:4, Interesting)
FWIW, seemed only one person noticed that the forbes page they loaded somehow had the company logos everywhere
I toyed with the idea of substituting ads with reminders (meeting at 2pm, or "you have been on slashdot for 2 hours!") and other more useful information.
Lastly, I don't think their naive hashing thing checks if you are altering the images - the content may remain unchanged, but linked to contents may change (they aren't checked from what I see), so it doesn't work for my scenario where different ads are substituted for the unaltered URL.
That said, I'm still curious on:
1) How many ISPs would bother modifying traffic from those 7 destinations they are testing.
2) What the various laws around the world say about this.
3) What those laws say about "sponsored internet access" where an ISP gives a cheaper package/plan where the ads are substituted with the ISPs advertisers with the risk of some corrupted info.
4) What those laws say about "streamlined internet access" where an ISP provides a package/plan where ads and other crap are removed (or modified) for their customer.
Re:Frames (Score:2, Interesting)
Not quite... (Score:4, Interesting)
As long as the actual API used by the Javascript is common enough that the ad-injectors can't recognize and block our code by keeing in on the API calls rather than the overall Javascript.
The proper solution, adding integrity checking to all HTTP, seems like its not happening.
Re:Frames (Score:2, Interesting)
What if we just jail the billionaires who own the ISPs for altering the copyrighted content of web pages?
A 99.9999997183% decrease in salary for hours worked accompanied by a change in lovers from Big Boobs to Big Bubba might be just what the doctor ordered.